summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBjoern Schiessle <schiessle@owncloud.com>2015-07-08 09:25:42 +0200
committerBjoern Schiessle <schiessle@owncloud.com>2015-07-10 11:49:51 +0200
commit8466d9d23558c9035820c8ae6df5e04dda9e2a0f (patch)
treec7c6f7d0dc0350a33d38d13703106e281be24eb4
parent48b1e9e2a6e24fb221e9047e1063082d12dbff87 (diff)
downloadnextcloud-server-8466d9d23558c9035820c8ae6df5e04dda9e2a0f.tar.gz
nextcloud-server-8466d9d23558c9035820c8ae6df5e04dda9e2a0f.zip
more secure way to update the database
Diffstat
-rw-r--r--apps/encryption/lib/migration.php38
-rw-r--r--apps/encryption/tests/lib/MigrationTest.php58
2 files changed, 82 insertions, 14 deletions
diff --git a/apps/encryption/lib/migration.php b/apps/encryption/lib/migration.php
index 98fc5be777a..b5d5dc26568 100644
--- a/apps/encryption/lib/migration.php
+++ b/apps/encryption/lib/migration.php
@@ -143,22 +143,32 @@ class Migration {
$this->config->deleteAppValue('files_encryption', 'types');
$this->config->deleteAppValue('files_encryption', 'enabled');
+ $oldAppValues = $this->connection->createQueryBuilder();
+ $oldAppValues->select('*')
+ ->from('`*PREFIX*appconfig`')
+ ->where($oldAppValues->expr()->eq('`appid`', ':appid'))
+ ->setParameter('appid', 'files_encryption');
+ $appSettings = $oldAppValues->execute();
+
+ while ($row = $appSettings->fetch()) {
+ // 'installed_version' gets deleted at the end of the migration process
+ if ($row['configkey'] !== 'installed_version' ) {
+ $this->config->setAppValue('encryption', $row['configkey'], $row['configvalue']);
+ $this->config->deleteAppValue('files_encryption', $row['configkey']);
+ }
+ }
- $query = $this->connection->createQueryBuilder();
- $query->update('`*PREFIX*appconfig`')
- ->set('`appid`', ':newappid')
- ->where($query->expr()->eq('`appid`', ':oldappid'))
- ->setParameter('oldappid', 'files_encryption')
- ->setParameter('newappid', 'encryption');
- $query->execute();
+ $oldPreferences = $this->connection->createQueryBuilder();
+ $oldPreferences->select('*')
+ ->from('`*PREFIX*preferences`')
+ ->where($oldPreferences->expr()->eq('`appid`', ':appid'))
+ ->setParameter('appid', 'files_encryption');
+ $preferenceSettings = $oldPreferences->execute();
- $query = $this->connection->createQueryBuilder();
- $query->update('`*PREFIX*preferences`')
- ->set('`appid`', ':newappid')
- ->where($query->expr()->eq('`appid`', ':oldappid'))
- ->setParameter('oldappid', 'files_encryption')
- ->setParameter('newappid', 'encryption');
- $query->execute();
+ while ($row = $preferenceSettings->fetch()) {
+ $this->config->setUserValue($row['userid'], 'encryption', $row['configkey'], $row['configvalue']);
+ $this->config->deleteUserValue($row['userid'], 'files_encryption', $row['configkey']);
+ }
}
/**
diff --git a/apps/encryption/tests/lib/MigrationTest.php b/apps/encryption/tests/lib/MigrationTest.php
index c07a4539e98..de1e2bd268b 100644
--- a/apps/encryption/tests/lib/MigrationTest.php
+++ b/apps/encryption/tests/lib/MigrationTest.php
@@ -242,6 +242,12 @@ class MigrationTest extends \Test\TestCase {
$config->setAppValue('files_encryption', 'recoveryAdminEnabled', '1');
$config->setUserValue(self::TEST_ENCRYPTION_MIGRATION_USER1, 'files_encryption', 'recoverKeyEnabled', '1');
+ //$this->invokePrivate($config, 'cache', [[]]);
+ $cache = $this->invokePrivate(\OC::$server->getAppConfig(), 'cache');
+ unset($cache['encryption']);
+ unset($cache['files_encryption']);
+ $this->invokePrivate(\OC::$server->getAppConfig(), 'cache', [$cache]);
+
// delete default values set by the encryption app during initialization
/** @var \OC\DB\Connection $connection */
@@ -271,6 +277,58 @@ class MigrationTest extends \Test\TestCase {
}
+ /**
+ * test update db if the db already contain some existing new values
+ */
+ public function testUpdateDBExistingNewConfig() {
+ $this->prepareDB();
+ $config = \OC::$server->getConfig();
+ $config->setAppValue('encryption', 'publicShareKeyId', 'wrong_share_id');
+ $config->setUserValue(self::TEST_ENCRYPTION_MIGRATION_USER1, 'encryption', 'recoverKeyEnabled', '9');
+
+ $m = new Migration(\OC::$server->getConfig(), new \OC\Files\View(), \OC::$server->getDatabaseConnection());
+ $m->updateDB();
+
+ $this->verifyDB('`*PREFIX*appconfig`', 'files_encryption', 0);
+ $this->verifyDB('`*PREFIX*preferences`', 'files_encryption', 0);
+ $this->verifyDB('`*PREFIX*appconfig`', 'encryption', 3);
+ $this->verifyDB('`*PREFIX*preferences`', 'encryption', 1);
+
+ // check if the existing values where overwritten correctly
+ /** @var \OC\DB\Connection $connection */
+ $connection = \OC::$server->getDatabaseConnection();
+ $query = $connection->createQueryBuilder();
+ $query->select('`configvalue`')
+ ->from('`*PREFIX*appconfig`')
+ ->where($query->expr()->andX(
+ $query->expr()->eq('`appid`', ':appid'),
+ $query->expr()->eq('`configkey`', ':configkey')
+ ))
+ ->setParameter('appid', 'encryption')
+ ->setParameter('configkey', 'publicShareKeyId');
+ $result = $query->execute();
+ $value = $result->fetch();
+ $this->assertTrue(isset($value['configvalue']));
+ $this->assertSame('share_id', $value['configvalue']);
+
+ $query = $connection->createQueryBuilder();
+ $query->select('`configvalue`')
+ ->from('`*PREFIX*preferences`')
+ ->where($query->expr()->andX(
+ $query->expr()->eq('`appid`', ':appid'),
+ $query->expr()->eq('`configkey`', ':configkey'),
+ $query->expr()->eq('`userid`', ':userid')
+ ))
+ ->setParameter('appid', 'encryption')
+ ->setParameter('configkey', 'recoverKeyEnabled')
+ ->setParameter('userid', self::TEST_ENCRYPTION_MIGRATION_USER1);
+ $result = $query->execute();
+ $value = $result->fetch();
+ $this->assertTrue(isset($value['configvalue']));
+ $this->assertSame('1', $value['configvalue']);
+
+ }
+
public function verifyDB($table, $appid, $expected) {
/** @var \OC\DB\Connection $connection */
$connection = \OC::$server->getDatabaseConnection();
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-22 19:15:33 +0000